Helm chart for ArgoCD (#34)

* Add application controller resources First chart version for argo-cd added the new labels recommeneded for k8 * Add repo server resources Use legacy label and new one for application controller selectors Set labels for deployment for easier discovery * Configure git repositories, helm chart museums and dex connectors This way argo-cd could be configured to update itself via helm * Parameterize the rbac configmap * Parameterize webhook secrets * Parameterize server deployment and set services with the labels * Add service account, role and rolebinding for server deployment * Clean the old label, use only latest recommendations Follow the ideas and changes of https://github.com/argoproj/argo-cd/pull/1035 * Fix var naming issues * Fix server service incorrect ports * Install crds with helm hook * Enable cluster admin accessby default Default installation will allow installing apps in the current cluster without inputted credentials. For other clusters inputted credentials will be needed * Parameterize the dex server * Harcode resource names because code expects them this way Some resource names and application urls are hardcoded in code with these names. So they can't be parameterized. * Create the ingress with tls passthrough support Tls is terminated on the ArgoCD server, not on ingress * Fix typo on application controller sa * Add notes on how to connect to server UI after installation
2019-02-14 00:22:11 +02:00 · 2019-02-14 00:22:11 +02:00 · db30d36879
commit db30d36879
parent 1fbc076882
32 changed files with 859 additions and 0 deletions
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -0,0 +1,128 @@
+applicationController:
+  containerPort: 8083
+  servicePort: 8083
+  image:
+    repository: argoproj/argocd
+    tag: v0.11.0
+    pullPolicy: Always
+
+server:
+  containerPort: 8080
+  servicePortHttp: 80
+  servicePortHttps: 443
+  containerMetricsPort: 8082
+  serviceMetricsPort: 8082
+  image:
+    repository: argoproj/argocd
+    tag: v0.11.0
+    pullPolicy: Always
+  uiInitImage:
+    repository: argoproj/argocd-ui
+    tag: v0.11.0
+    pullPolicy: Always
+    
+repoServer:
+  containerPort: 8081
+  servicePort: 8081
+  image:
+    repository: argoproj/argocd
+    tag: v0.11.0
+    pullPolicy: Always
+
+dexServer:
+  containerPortHttp: 5556
+  containerPortGrpc: 5557
+  servicePortHttp: 5556
+  servicePortGrpc: 5557
+  image:
+    repository: quay.io/dexidp/dex
+    tag: v2.12.0
+    pullPolicy: Always
+  initImage:
+    repository: argoproj/argocd
+    tag: v0.11.0
+    pullPolicy: Always
+
+# terminate tls at ArgoCD level
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+  path: /
+  hosts:
+    - argocd.example.com
+
+# Standard Argo CD installation with cluster-admin access. 
+# Set this true if you plan to use Argo CD to deploy applications in the same cluster that 
+#     Argo CD runs in (i.e. kubernetes.svc.default). 
+# Will still be able to deploy to external clusters with inputted credentials.
+
+clusterAdminAccess:
+  enabled: true
+
+config:
+  helmRepositories:
+    # - name: privateRepo
+    #   url: http://chartmuseum.privatecloud.com
+    #   usernameSecret:
+    #     name: private-chartmuseum
+    #     key: username
+    #   passwordSecret:
+    #     name: private-chartmuseum
+    #     key: password
+    # - name: incubator
+    #   url: https://kubernetes-charts-incubator.storage.googleapis.com/
+  repositories:
+    # - url: git@gitlab.com:usersprivategroup/users-gitops-config.git
+    #   sshPrivateKeySecret:
+    #     key: privateKey
+    #     name: argocd-dev-key
+    # - url: git@gitlab.com:accountingprivategroup/accounting-gitops-config.git
+    #   sshPrivateKeySecret:
+    #     key: privateKey
+    #     name: argocd-dev-key
+  dexConfig:
+    #   # Argo CD's externally facing base URL. Required for configuring SSO
+    #   # url: https://argo-cd-demo.argoproj.io
+    #
+    #   # A dex connector configuration. See documentation on how to configure SSO:
+    #   # https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso
+    # connectors:
+    #   # GitHub example
+    #   - type: github
+    #     id: github
+    #     name: GitHub
+    #     config:
+    #       clientID: aabbccddeeff00112233
+    #       clientSecret: $dex.github.clientSecret
+    #       orgs:
+    #       - name: your-github-org
+    #         teams:
+  # The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook
+  # events. To enable webhooks, configure one or more of the following keys with the shared git
+  # provider webhook secret. The payload URL configured in the git provider should use the
+  # /api/webhook endpoint of your Argo CD instance (e.g. https://argocd.example.com/api/webhook)
+  webhook:
+    githubSecret: 
+    gitlabSecret:
+    bitbucketSecret:
+rbac:
+#   # An RBAC policy .csv file containing additional policy and role definitions.
+#   # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies.
+#   policy.csv: |
+#     # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project"
+#     p, my-org:team-alpha, applications, sync, my-project/*, allow
+#     # Make all members of "my-org:team-beta" admins
+#     g, my-org:team-beta, role:admin
+  policyCsv: #|
+  #   p, role:org-admin, applications, *, */*, allow
+  #   p, role:org-admin, clusters, get, *, allow
+  #   p, role:org-admin, repositories, get, *, allow
+  #   p, role:org-admin, repositories, create, *, allow
+  #   p, role:org-admin, repositories, update, *, allow
+  #   p, role:org-admin, repositories, delete, *, allow
+  #   g, your-github-org:your-team, role:org-admin
+  # The default role Argo CD will fall back to, when authorizing API requests
+  policyDefault: #role:readonly